[GH-ISSUE #43] Database backed tokens #34

Closed
opened 2026-02-26 03:33:32 +03:00 by kerem · 1 comment

Originally created by @laurivosandi on GitHub (Feb 26, 2018).
Original GitHub issue: https://github.com/laurivosandi/certidude/issues/43

Currently a hashing algorithm is used for tokening systems. Not having to save stuff to the database is a pro of this approach, but if the server's secrets are compromised, an attacker can generate a valid token. Also, such a token can be reused.

Certidude should support a database-backed token system where the token identifier is genuinely random and the relevant information is looked up on the server side from the database.

kerem closed this issue 2026-02-26 03:33:32 +03:00

@laurivosandi commented on GitHub (May 24, 2018):

Fixed with ce93fbb58b
